I'm getting reports from a reputable source that Open Office http://www.openoffice.org/ removes MS Office password protection so that MS Office 2000/XP password protected documents can be opened and read by Open Office and saved in work format without the original password.

Does anyone know anything about this?

AFAIK, MSOffice doesn't just stick a password on it, it encrypts it using that password.

So, OO can't break it.

Originally posted by siyan
AFAIK, MSOffice doesn't just stick a password on it, it encrypts it using that password.

So, OO can't break it.

That's what I assumed. I'm continuing investigations.

Not the latest but the previous verssion of OO does hust that, the latest version asjs for a password.

The older Office "passwords" could easily be broken, I remember removing Access database passwords by zeroing a single byte in the file (heh).

Originally posted by parksie
The older Office "passwords" could easily be broken, I remember removing Access database passwords by zeroing a single byte in the file (heh).

/approaches podium

"You will all note to never let parksie near your computers. Thank you."

/walks off

:p

People should know that as a matter of course >:-D

Originally posted by siyan
/approaches podium

"You will all note to never let parksie near your computers. Thank you."

/walks off

:p

Sound like the old story from Los Alamos where Richard Feynman tells the general in charge to send a memo out that scientists shouldn't leave their safe doors open (even if there is nothing in them) as you can read the combination off the tumbles when the door is open. The General's memo of course just says "don't leave your safe door open when Feynman is around ;)

Originally posted by parksie
The older Office "passwords" could easily be broken, I remember removing Access database passwords by zeroing a single byte in the file (heh).
Nightmare! Tell me this is Word 2.0 or something with a "password is set" byte not XP :(

Worked up until 97. MS fixed it a bit after that, but I think there are still ways to crack them without too much effort.

In any case, if you need real security you should be using PGP.

Originally posted by parksie
Worked up until 97. MS fixed it a bit after that, but I think there are still ways to crack them without too much effort.

Are these essentially brute force crackers (is it elscomsoft???)

Originally posted by siyan
In any case, if you need real security you should be using PGP.
I don't want to go into it in detail but its more complex than that ;)

For real security I suggest that you use AES Rijndael 256-bit with no asymmetric component and a seeded SHA512 hash to make sure that you are using the full keyspace.

Originally posted by Kzin
I don't want to go into it in detail but its more complex than that ;)

For real security I suggest that you use AES Rijndael 256-bit with no asymmetric component and a seeded SHA512 hash to make sure that you are using the full keyspace.

I know its more complicated, but not exactly how. So :p

Originally posted by siyan
I know its more complicated, but not exactly how. So :p

:D

The summary is that it has to be Office 2000/XP in this case:cool: